Tenda M3 Firmware vulnerabilities

CVE-2022-38563 [HIGH] CWE-787 CVE-2022-38563: Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the funct Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter.

CVE-2022-38565 [HIGH] CWE-787 CVE-2022-38565: Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the funct Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter.

CVE-2022-38571 [HIGH] CWE-787 CVE-2022-38571: Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideLis Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem.

CVE-2022-38567 [HIGH] CWE-787 CVE-2022-38567: Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function fo Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter.

CVE-2022-38566 [HIGH] CWE-787 CVE-2022-38566: Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the funct Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter.

CVE-2022-32040 [HIGH] CWE-787 CVE-2022-32040: Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.

CVE-2022-32041 [HIGH] CWE-787 CVE-2022-32041: Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnaly Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData.

CVE-2022-32043 [HIGH] CWE-787 CVE-2022-32043: Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo.

CVE-2022-32037 [HIGH] CWE-787 CVE-2022-32037: Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.

CVE-2022-32039 [HIGH] CWE-787 CVE-2022-32039: Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the functio Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient.

CVE-2022-32036 [HIGH] CWE-787 CVE-2022-32036: Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidLis Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.

CVE-2022-32035 [HIGH] CWE-787 CVE-2022-32035: Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.

CVE-2022-32034 [HIGH] CWE-787 CVE-2022-32034: Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the functio Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.

CVE-2022-26290 [CRITICAL] CWE-78 CVE-2022-26290: Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.

CVE-2022-27079 [CRITICAL] CWE-77 CVE-2022-27079: Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.

CVE-2022-27083 [CRITICAL] CWE-77 CVE-2022-27083: Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.

CVE-2022-27077 [CRITICAL] CWE-77 CVE-2022-27077: Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.

CVE-2022-27078 [CRITICAL] CWE-77 CVE-2022-27078: Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.

CVE-2022-26289 [CRITICAL] CWE-78 CVE-2022-26289: Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.

CVE-2022-27080 [CRITICAL] CWE-77 CVE-2022-27080: Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.